PCI DSS

03.19.2015

Just as in physical storage, cloud service providers are used to store sensitive data. This can be anything from credit card information to personal information such as social security numbers. There are three key cloud services: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The storage of […]

12.19.2014

As most of us know, the PCI DSS assessment effectively moved from version 2.0 to 3.0 at the beginning of 2014. The new 3.0 version raises security standards to help organizations focus more on the actual payment security aspect rather than the compliance itself. Having performed many PCI DSS 3.0 assessments this year, we want […]

12.17.2014

Unfortunately, the Grinch is not the only one out there wishing to steal Christmas. While the holidays are generally a time of joy and giving, they can also bring their share of troubles. It is during these times that people will most often let their guard down. In the search for the best deal, […]

09.29.2014

By: Vincent Booker, Senior Consultant at A-LIGN. Understanding the PCI Security Standards Council’s Information Supplement on Third-Party Security Assurance: What You Should Be Asking Based on the New Requirements and Guidance. Third-Party Security Assurance. As companies expand their reliance on third-party service providers (“TPSP”s) to store, process, or transmit cardholder data (“CHD”) or manage components […]

07.30.2014

By: Lori Crooks, Managing Consultant at A-LIGN. If you process, store or transmit credit card data and already have an SSAE 16 or SOC 2 report, you might be considering adding on a PCI DSS assessment – and it isn’t as painful as you may think! There are controls, such as physical security, logical access, […]

02.05.2014

By: Gene Geiger, Partner of A-LIGN. Recent Retail Breaches – What Should You Do. When news of the Target breach was announced, in the middle of the holiday shopping season, it made headlines and re-kindled the debate on payment card data security and more specifically, the effectiveness of the PCI Data Security Standard (“PCI DSS”), which […]

11.20.2013

A-LIGN to present, “Countdown to Compliance: What you need to know for PCI 3.0” on Tuesday, December 10, 2013, from 2:00-3:00 pm EST. Gene Geiger, Director of A-LIGN Security and Compliance Services, will provide highlights of the changes in the standard from PCI DSS Version 2.0 to 3.0, the required implementation timeline and how organizations […]

09.17.2013

By: Gene Geiger, Partner of A-LIGN. Following the 36-month lifecycle the PCI Security Standards Council (“Council”) has established for the published standards, Version 3.0 of the PCI Data Security Standard is in the final stages before it will be released on November 7, 2013. Through several webinars and documents provided to stakeholders, the Council has […]

03.20.2013

In February the PCI Security Standards Council (the “Council”) released a new information supplement related to the application of the Payment Card Industry Data Security Standards (“PCI DSS”) requirements in the Cloud. The goal of the information supplement is to assist Merchants and Cloud Service Providers (“CSP”) in maintaining PCI DSS compliant environments and also to […]

03.20.2013

By: Gene Geiger, Partner of A-lign Security and Compliance Services. In February the PCI Security Standards Council (the “Council”) released a new information supplement related to the application of the Payment Card Industry Data Security Standards (“PCI DSS”) requirements in the Cloud. The goal of the information supplement is to assist Merchants and Cloud Service […]